The Art of Exploiting SQL Injection
Sumit Siddharth july 24
Ends February 1
Ends June 1
Ends July 20
This is a full day hands on training course which will typically target penetration testers, security auditors/administrators and web developers to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of the web applications. This vulnerability could typically result in 3 scenarios:
- Authentication Bypass
- Extraction of arbitrary sensitive data from the database
- Access and compromise of the internal network.
This training will target 3 databases:
and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following:
- Understand the problem of SQL Injection
- Learn a variety of advanced exploitation techniques which hackers use
- Learn how to fix the problem
Identify, extract, escalate, execute; we have got it all covered.
Who Should Take This Class
Penetration Testers, Web Developers, Security Auditors/Administrators/Managers, anyone else who wants to take their skills to the next level.
Student Requirements, experience/expertise
A prior knowledge of databases and SQL would be handy but is not a strict requirement.
Equipment/software students must furnish
Students must bring their own laptop with Windows Operating System installed (either running natively or in a VM). Students must have admin access on the windows platform.
Sumit "sid" Siddharth works as a Head of Penetration testing for 7Safe Limited in the UK. He specializes in the application and database security and has more than 6 years of pentesting. Sid has authored a number of whitepapers and tools. He has been a Speaker/Trainer at many security conferences including Black Hat, DEF CON, Troopers, OWASP Appsec, Sec-T etc. He also runs the popular IT security blog: www.notsosecure.com